5713 matches found
Apple Safari buffer overflow
Buffer overflow on oversized CSS background attribute...
Safari 4.0.3 (Win32) CSS Remote Denial of Service Exploit
!/usr/bin/perl ithinkthereforeiexist.pl AKA Safari 4.0.3 Win32 CSS Remote Denial of Service Exploit Jeremy Brown [email protected]//jbrownsec.blogspot.com//krakowlabs.com 11.09.2009 Another remotely triggerable STACKOVERFLOW in Safari on Windows... 204.72c: Stack overflow - code c00000fd first...
Firefox crashes with evidence of memory corruption
layout/base/nsCSSFrameConstructor.cpp in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 does not properly handle first-letter frames, which allows remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via unspecified...
Microsoft IE writing-mode内存破坏漏洞(MS09-054)
BUGTRAQ ID: 36616 CVECAN ID: CVE-2009-2531 Internet Explorer是Windows操作系统中默认捆绑的WEB浏览器。 Internet Explorer在解析CSS样式信息时存在漏洞。如果对特定的HTML标签组合使用了writing-mode样式,就可能触发内存破坏。攻击者可以通过构建特制的网页来利用该漏洞,当用户查看网页时,就可能允许远程执行代码。 Microsoft Internet Explorer 8.0 Microsoft Internet Explorer 7.0 Microsoft Internet Explorer 6...
ZDI-09-071: Microsoft Internet Explorer writing-mode Memory Corruption Vulnerability
ZDI-09-071: Microsoft Internet Explorer writing-mode Memory Corruption Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-071 October 13, 2009 -- CVE ID: CVE-2009-2531 -- Affected Vendors: Microsoft -- Affected Products: Microsoft Internet Explorer 6 Microsoft Internet Explorer 7...
Microsoft Internet Explorer writing-mode Memory Corruption Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required in that a user must visit a malicious web page. The specific flaw exists in the parsing of CSS style information. When a writing-mode style...
Mozilla Browsers CSS moz-binding Cross Domain Scripting (CVE-2006-0496)
The Mozilla based web browsers are full featured web browsers which serve as popular alternatives to the Microsoft Internet Explorer. The browsers are capable of interpreting HTML, JavaScript, CSS, as well as a myriad of other popular Internet standard formats. The Mozilla based browsers are...
SuSE 10 Security Update : Epiphany (ZYPP Patch Number 5889)
The Mozilla XULRunner 1.8.1 engine received backports for security problems in 1.9.0.5. The following security issues were fixed : - Mozilla security researcher mozbugra4 reported that an XBL binding, when attached to an unloaded document, can be used to violate the same-origin policy and execute...
SuSE9 Security Update : Epiphany (YOU Patch Number 12326)
The Mozilla Browser received backports for security problems in 1.8.1.14. The following security issues were fixed : - Mozilla security researcher mozbugra4 reported that an XBL binding, when attached to an unloaded document, can be used to violate the same-origin policy and execute arbitrary...
CVE-2009-3284
CVE-2009-3284 is a directory traversal vulnerability affecting multiple phpspot products: PHP BBS, PHP Image Capture BBS, PHP & CSS BBS, PHP BBS CE, PHP_RSS_Builder, and webshot. A remote attacker could read server files via unspecified vectors and cause potential data disclosure. Public referenc...
Parsing JS Trojan attack with anti-bug warning-the black bar safety net
Web hang horse has now become hackers launched cyber attacks the main one way, and therefore protect against Web security threats, it is particularly important, this article will introduce some of the common JS hung it to the phenomenon and how to respond. Trojan has always been a hack of adept...
DVBBS php v2.0 boardrule.php注入漏洞
PHP2.0++功能介绍: 一、 断点数据库备份,保持所备份的数据和论坛数据同步; 二、 多种形式Url rewrite 伪静态,提高SEO; 三、 多线程信息采集,减少人工操作繁琐度; 四、 自动升级采用多线程断点续传PHP下载模块; 五、 国际论坛界中独创了一个文件安装论坛; 六、 创新、贴心的新发贴回贴模式正在启用---动网PHP2.0++再创佳绩; 七、 发挥PHP优点,大量采用成熟的缓存机制 八、 全优的后台搜索功能; 九、 用户体验 boardrule.php存在sql注入漏洞。 DVBBS php v2.0 暂无 http://p.dvbbs.net/...
Ubuntu USN-822-1 (kdelibs)
The remote host is missing an update to kdelibs announced via advisory USN-822-1. OpenVAS Vulnerability Test $Id: ubuntu8221.nasl 7969 2017-12-01 09:23:16Z santu $ $Id: ubuntu8221.nasl 7969 2017-12-01 09:23:16Z santu $ Description: Auto-generated from advisory USN-822-1 kdelibs Authors: Thomas...
Microsoft Windows嵌入式OpenType字体引擎拒绝服务漏洞
BUGTRAQ ID: 36029 CVECAN ID: CVE-2009-3020 Microsoft Windows是微软开发的非常流行的操作系统。 Windows Server 2003 SP2的嵌入式OpenType(EOT)字体引擎所使用的win32k.sys驱动中存在拒绝服务漏洞。如果用户受骗打开的HTML文档中@font- face CSS规则的src描述符引用了特制的.eot文件,就可能导致系统崩溃。 Microsoft Windows Server 2003 SP2 厂商补丁: Microsoft ---------...
CVE-2009-3020
win32k.sys in Microsoft Windows Server 2003 SP2 allows remote attackers to cause a denial of service system crash by referencing a crafted .eot file in the src descriptor of an @font-face Cascading Style Sheets CSS rule in an HTML document, possibly related to the Embedded OpenType EOT Font Engin...
Design/Logic Flaw
win32k.sys in Microsoft Windows Server 2003 SP2 allows remote attackers to cause a denial of service system crash by referencing a crafted .eot file in the src descriptor of an @font-face Cascading Style Sheets CSS rule in an HTML document, possibly related to the Embedded OpenType EOT Font Engin...
CVE-2009-3020
CVE-2009-3020 refers to a denial-of-service vulnerability in Windows Server 2003 SP2 via win32k.sys/Embedded OpenType Font Engine. The issue arises when a crafted .eot font is referenced in the src descriptor of an @font-face CSS rule in an HTML document, potentially allowing a remote attacker to...
CVE-2008-7117
eledicss.php in WeBid auction script 0.5.4 allows remote attackers to modify arbitrary cascading style sheets CSS files via a certain request with the file parameter set to style.css. NOTE: this can probably be leveraged for cross-site scripting XSS attacks...
Cross site scripting
eledicss.php in WeBid auction script 0.5.4 allows remote attackers to modify arbitrary cascading style sheets CSS files via a certain request with the file parameter set to style.css. NOTE: this can probably be leveraged for cross-site scripting XSS attacks...
CVE-2008-7117
eledicss.php in WeBid auction script 0.5.4 allows remote attackers to modify arbitrary cascading style sheets CSS files via a certain request with the file parameter set to style.css. NOTE: this can probably be leveraged for cross-site scripting XSS attacks...